Lesson 3: Layers of Defense Flashcards
(17 cards)
What built-in security features does macOS have for malware?
macOS prevents malware from running and remediates malware that has executed.
How does Gatekeeper help prevent malware?
By only allowing software from identified developers to be opened.
What ensures safety of apps in the App Store?
All App Store apps are reviewed and signed by Apple.
What is Apple app notarization?
A service by Apple that automatically scans non–App Store software for known malware.
Is notarization the same as App Store review?
No, it’s a separate process for software distributed outside the App Store.
Can Jamf Pro control Gatekeeper and App Store settings?
Yes, Jamf Pro can restrict these settings.
Can the Gatekeeper bypass shortcut be restricted?
Yes, the control-click bypass can be restricted by Jamf Pro.
What is XProtect in macOS?
A built-in tool that provides malware remediation.
How does XProtect work?
It detects and blocks execution of known malware automatically.
What is Jamf Protect used for?
Additional malware remediation and endpoint threat prevention.
How does threat prevention block known malware?
It blocks processes matching known threats and quarantines the associated file.
What does System Integrity Protection (SIP) do?
It adds restrictions to the root user and protects system-critical directories.
Is SIP enabled by default?
Yes, SIP is enabled by default.
Which directories are protected by SIP?
/System, /usr, /bin, /sbin, /var, and pre-installed macOS apps.
How does Gatekeeper help prevent malware?
Only apps and packages signed by identified developers can be opened.
What is Apple app notarization?
Notarization is a service by Apple that allows developers who plan to distribute their software outside the App Store to submit their code to be scanned for known malware.
How does threat prevention block known malware?
Processes that match any known threats in the Jamf Protect threat database are blocked and associated files are quarantined.
